The larger goal is to build a more resilient enterprise. It won’t stop all adversaries, but it will stop more. One of the objectives is to prepare good defenses at every step of the kill chain in order to slow down attackers and make it more and more costly to continue.
“You have to ask what would you do if the adversary has access to the internal corporate network, usernames and passwords, all documentation and specifications of the network devices, systems, backups and applications,” Malone says.
Attackers have goals, he says, and are willing to expend a certain amount of resources to achieve them. If defenders can boost the cost – whether monetary, personnel or time – above the value the attackers expect to reap, then they can succeed more often, Malone says. It’s an economic model based on the premise that no defenses will be perfect.
Sign up for Computerworld eNewsletters.